VirSCAN只有小红伞报可疑

lomo

小红伞GUARD发出报警
经查看日志：
Virus or unwanted program 'HEUR/Malware [HEUR/Malware]'
detected in file 'C:\Program Files\Bang & Olufsen\BeoPlayer\MMHook.dll.
Action performed: Deny access

发现在B&O播放器安装目录下有个MMHook.dll的可疑文件

上传到VirSCAN分析，结果只有小红伞报。样本已经提交小红伞分析。
文件名称 :   MMHook.rar
文件大小 :   31660 byte
文件类型 :   RAR archive data, v1d, os
扫描结果 :   3%的杀软(1/36)报告发现病毒
时间 :   2008/03/29 10:35:36 (CST)
AntiVir 7.6.0.78 7.0.3.92 2008-03-28 HEUR/Malware 12.553

tanlimo

ESS  avast! 全飘

秋叶濛濛

红伞杀了
Begin scan in 'F:\Virus\MMHook.rar'
F:\Virus\MMHook.rar
  [0] Archive type: RAR
  --> MMHook.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was deleted!

lomo

小红伞还在分析中
Subject：[#134060] Upload via Website - False positive suspicion   
Submitted on：29 Mar 2008 03:42 +0100  
Answer sent on：Pending...  


好像在我之前有人上传了同名的压缩包，不过有60多K，是我的两倍大。
只有小红伞报
不知道是不是误报
不过这个MM挂钩看起来不像是好东西

qigang

rising20.37.52未知！

BING126

应该是误报？

lomo

删了此dll
B&O播放器还可以正常使用
干脆把B&O播放器也卸载了
等待小红伞的结果
不过周末貌似休息


我上报小红伞的时候选的是可能误报

14206937

相信应该是误报!

The file 'MMHook.dll' has been determined to be 'MALWARE'. Our analysts discovered that the file is a Security Privacy Risk (SPR). In particular it means that it is a program that might possibly be able to affect the security of your system, might trigger activities you might not want or might violate your privacy. Detection will be added to our virus definition file (VDF) with one of the next updates. Please note that Avira's proactive heuristic detection module AHeAD detected this threat up front without the latest VDF update as: HEUR/Malware.

lomo

We received the following archive files:

File ID	Filename	Size (Byte)	Result
3802993	MMHook.rar	30.92 KB	OK

A listing of files contained inside archives alongside their results can be found below:

File ID	Filename	Size (Byte)	Result
3802994	MMHook.dll	65.5 KB	MALWARE

Please find a detailed report concerning each individual sample below:

Filename	Result
MMHook.dll	MALWARE

The file 'MMHook.dll' has been determined to be 'MALWARE'.
Our analysts discovered that the file is a Security Privacy Risk (SPR). In particular it means that it is a program that might possibly be able to affect the security of your system, might trigger activities you might not want or might violate your privacy. Detection will be added to our virus definition file (VDF) with one of the next updates. Please note that Avira's proactive heuristic detection module AHeAD detected this threat up front without the latest VDF update as: HEUR/Malware.

应该是我最先上报的吧~